Skip to content

Commit

Permalink
mount gcp credentials for kaniko worker (#343)
Browse files Browse the repository at this point in the history 
* mount gcp credentials for kaniko worker

* update test
  • Loading branch information
@IronPan @k8s-ci-robot
IronPan authored and k8s-ci-robot committed Nov 21, 2018
1 parent f2c58fb commit 33f191f
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 13 deletions.
42 changes: 30 additions & 12 deletions sdk/python/kfp/compiler/_component_builder.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,18 +241,36 @@ def _check_gcs_path(self, gcs_path):

def _generate_kaniko_spec(self, namespace, arc_dockerfile_name, gcs_path, target_image):
"""_generate_kaniko_yaml generates kaniko job yaml based on a template yaml """
content = {'apiVersion': 'v1',
'metadata': {
'generateName': 'kaniko-',
'namespace': 'default'},
'kind': 'Pod',
'spec': {
'restartPolicy': 'Never',
'containers': [
{'name': 'kaniko',
'args': ['--cache=true'],
'image': 'gcr.io/kaniko-project/executor:v0.5.0'}],
'serviceAccountName': 'default'}}
content = {
'apiVersion': 'v1',
'metadata': {
'generateName': 'kaniko-',
'namespace': 'kubeflow',
},
'kind': 'Pod',
'spec': {
'restartPolicy': 'Never',
'containers': [{
'name': 'kaniko',
'args': ['--cache=true'],
'image': 'gcr.io/kaniko-project/executor:v0.5.0',
'env': [{
'name': 'GOOGLE_APPLICATION_CREDENTIALS',
'value': '/secret/gcp-credentials/user-gcp-sa.json'
}],
'volumeMounts': [{
'mountPath': '/secret/gcp-credentials',
'name': 'gcp-credentials',
}],
}],
'volumes': [{
'name': 'gcp-credentials',
'secret': {
'secretName': 'user-gcp-sa',
},
}],
'serviceAccountName': 'default'}
}

content['metadata']['namespace'] = namespace
args = content['spec']['containers'][0]['args']
Expand Down
12 changes: 11 additions & 1 deletion sdk/python/tests/compiler/testdata/kaniko.basic.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,4 +27,14 @@ spec:
args: ["--cache=true",
"--dockerfile=dockerfile",
"--context=gs://mlpipeline/kaniko_build.tar.gz",
"--destination=gcr.io/mlpipeline/kaniko_image:latest"]
"--destination=gcr.io/mlpipeline/kaniko_image:latest"]
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /secret/gcp-credentials/user-gcp-sa.json
volumeMounts:
- mountPath: /secret/gcp-credentials
name: gcp-credentials
volumes:
- name: gcp-credentials
secret:
secretName: user-gcp-sa

0 comments on commit 33f191f

Please sign in to comment.